How to get rid of persistent virus programs.

Long query about dealing with Pesky trojans and spyware
=====================================================

I have noticed that some virus or spyware programs stay in memory and the removal programs state that the process can't be halted or the file can't be deleted. They even stay that way when the removal programs are run in safe mode.

What kind of processes are these, and why can't they be deleted?

Do some of them run as services, and if so how can they be tracked down from the start-up programs and services and eliminated?

I know of utilities such as those available from sysinternals.com which can list running processes etc. Is there a way of finding out those which are legal and those which are run by these trojans, then track down the processes in the start-up groups which activate them and delete them altogether?

At least something like before and after lists, or a list of genuine or perhaps digitally signed images would help.

mydejamail wrote:
> Long query about dealing with Pesky trojans and spyware
> =====================================================
>
> I have noticed that some virus or spyware programs stay in memory and
> the removal programs state that the process can't be halted or the
> file can't be deleted. They even stay that way when the removal
> programs are run in safe mode
>
> What kind of processes are these, and why can't they be deleted?
>
> Do some of them run as services, and if so how can they be tracked
> down from the start up programs and services and eliminated?
>
> I know of utilities such as those available from sysinternals.com
> which can list running processes etc. Is there a way of finding out
> those which are legal and those which are run by these trojans, the
> track down the processes in the start up groups which activate them
> and delete them altogether?
>
> At least something like before and after lists, or a list of genuine
> or perhaps digitally signed images would help.
>
> Any ideas or guidance in this area?

Long answer about dealing with Pesky trojans and spyware
=====================================================

See Tip 13 about the processes. See the rest on cleaning your PC(s)...

Microsoft has these suggestions for protecting your computer from the various things that could happen to you/it:

Although those tips are fantastic, there are many things you should know above and beyond what is there. Below I have detailed out many steps that can not only help you clean up a problem PC but keep it clean, secure and running at its top performance mark.

I know this text can seem intimidating - it is quite long and a lot to take in for a novice - but I assure you that one trip through this list and you will understand your computer and the options available to you for protecting your data much better - and that the next time you review these steps, the time it takes will be greatly reduced.

Let's take the cleanup of your computer step-by-step. Yes, it will take up some of your time - but consider what you use your computer for and how much you would dislike it if all of your stuff on your computer went away because you did not "feel like" performing some simple maintenance tasks - think of it like taking out your garbage, collecting and sorting your postal mail, paying your bills on time, etc.

I'll mainly work around Windows XP, as that is what the bulk of this document is about; however, here is a place for you poor souls still stuck in Windows 98/ME where you can get information on maintaining your system:

Now, let's go through some maintenance first that should only have to be done once (mostly):

Tip (1):
Locate all of the software you have installed on your computer (the installation media - CDs, downloaded files, etc). Collect these CDs and files together in a central and safe place along with their CD keys and such. Make backups of these installation media sets using your favorite copying method (CD/DVD burner and application, disk copier, etc.) You'll be glad to know that if you have a CD/DVD burner, you may be able to use a free application to make a duplicate copy of your CDs. One such application is ISORecorder:

Another option would be to search the web with Pricewatch.com or Dealsites.net and find deals on products like Ahead Nero and/or Roxio.

Tip (2):
Empty your Temporary Internet Files and shrink the size it stores to a size between 128MB and 512MB.

- Open ONE copy of Internet Explorer.
- Select TOOLS -> Internet Options.
- Under the General tab in the "Temporary Internet Files" section, do the following:
  - Click on "Delete Cookies" (click OK).
  - Click on "Settings" and change the "Amount of disk space to use:" to something between 128MB and 512MB. (Betting it is MUCH larger right now.) Click OK.
  - Click on "Delete Files" and select "Delete all offline content" (the checkbox) and click OK. (If you had a LOT, this could take 2-10 minutes or more.)
- Once it is done, click OK, close Internet Explorer, re-open Internet Explorer.

Tip (3):
If things are running a bit sluggish and/or you have an older system (1.5GHz or less and 256MB RAM or less) then you may want to look into tweaking the performance by turning off some of the 'resource hogging' Windows XP "prettifications". The fastest method is:

Control Panel --> System --> Advanced tab --> Performance section, Settings button. Then choose "Adjust for best performance" and you now have a Windows 2000/98 look which turned off most of the annoying "prettifications" in one swift action. You can play with the last three checkboxes to get more of an XP look without many of the other annoyances. You could also grab and install/use one (or more) of the Microsoft Powertoys - TweakUI in particular:

Tip (4):
Understanding what a good password might be is vital to your personal and system security. You may think you do not need to password your home computer, as you may have it in a locked area (your home) where no one else has access to it. Remember, however, you aren't always "in that locked area" when using your computer online - meaning you likely have usernames and passwords associated with web sites and the like that you would prefer other people do not discover/use. This is why you should understand and utilize good passwords.

Good passwords are those that meet these general rules (mileage may vary):

Passwords should contain at least six characters, and the character string should contain at least three of these four character types:
- uppercase letters
- lowercase letters
- numerals
- nonalphanumeric characters (e.g., *, %, &, !,

Passwords should not contain your name/username. Passwords should be unique to you and easy to remember.

One method many people are using today is to make up a phrase that describes a point in their life and then turn that phrase into their password by using only certain letters out of each word in that phrase. It's much better than using your birthday month/year or your anniversary in a pure sense. For example, let's say my phrase is: 'Moved to new home in 2004'. I could come up with this password from that: 'Mv2n3whmN04'

The password tip is in the one-time section, but I highly recommend you periodically change your passwords. The suggested time varies, but I will throw out a 'once every 3 to 6 months for every account you have.'

Tip (5):
This tip is also 'questionable' in the one-time section; however - if properly set up - this one can be pretty well ignored for most people after the initial 'fiddle-with' time.

You should, in some way, use a firewall. Hardware (like a nice Cable Modem/DSL router) or software is up to you. Many use both of these. The simplest one to use is the hardware one, as most people don't do anything that they will need to configure their NAT device for, and those who do certainly will not mind fiddling with the equipment to make things work for them. Next in the line of simplicity would have to be the built-in Windows Firewall of Windows XP. In SP2 it is turned on by default. It is not difficult to turn on in any case, however:

The trouble with the Windows Firewall is that it only keeps things out. For most people who maintain their system in other ways, this is MORE than sufficient. However, you may feel otherwise. If you want to know when one of your applications is trying to obtain access to the outside world so you can stop it, then you will have to install a third-party application and configure/maintain it. I have compiled a list with links of some of the better known/free firewalls you can choose from:

You should find the right firewall for your situation in that list and set it up.

Every firewall WILL require some maintenance. Essentially checking for patches or upgrades (this goes for hardware and software solutions) is the extent of this maintenance - you may also have to configure your firewall to allow some traffic depending on your needs.

** Don't stack the software firewalls! Running more than one software firewall will not make you safer - it would possibly negate some protection you gleaned from one or the other firewall you run.

Now that you have some of the more basic things down, let's go through some of the steps you should take periodically to maintain a healthy and stable Windows computer. If you have not done some of these things in the past, they may seem tedious - however, they will become routine and some can even be automatically scheduled.

Tip (6):
The system restore feature is a new one - first appearing in Windows ME and then sticking around for Windows XP. It is a useful feature if you keep it maintained and use it to your advantage. Remember that the system restore pretty much tells you in the name what it protects, which is 'system' files. Your documents, your pictures, your stuff are NOT system files - so you should also look into some backup solution.

I have seen the automatic system restore go wrong too many times not to suggest the following: whenever you think about it (after doing a once-over on your machine once a month or so would be optimal) - clear out your System Restore and create a manual restoration point.

'Why?'

Too many times have I seen the system restore files go corrupt or get a virus in them, meaning you could not or did not want to restore from them. By clearing it out periodically you help prevent any corruption from happening and you make sure you have at least one good "snapshot". (*This, of course, will erase any previous restore point you have.*)

That covers your system files, but doesn't do anything for the files that you are REALLY worried about - yours! For that you need to look into backups. You can either manually copy your important files, folders, documents, spreadsheets, emails, contacts, pictures, drawings and so on to an external location (CD/DVD - any disk of some sort, etc) or you can use the backup tool that comes with Windows XP:

Yes - you still need some sort of external media to store the results on, but you could schedule the backup to occur when you are not around, then burn the resultant data onto CD or DVD or something when you are (while you do other things!)

A lot of people have wondered about how to completely back up their system so that they would not have to go through the trouble of a reinstall. I'm going to voice my opinion here and say that it would be worthless to do for MOST people. Unless you plan on periodically updating the image backup of your system (remaking it) - then by the time you use it (something goes wrong) - it will be so outdated as to be more trouble than performing a full install of the operating system and all applications.

Having said my part against it, you can clone/backup your hard drive completely using many methods - by far the simplest are using disk cloning applications:

Tip (7):
You should sometimes look through the list of applications that are installed on your computer. The list may surprise you. There are more than likely things in there you know you never use - so why have them there? There may even be things you know you did *not* install and certainly do not use (maybe don't WANT to use.)

This web site should help you get started at looking through this list:

A word of warning - do NOT uninstall anything you think you MIGHT need in the future unless you have completed Tip (1) and have the installation media and proper keys for use backed up somewhere safe!

Tip (8):
Patches and Updates!

This one cannot be stressed enough. It is SO simple, yet so neglected by many people. It is especially simple for the critical Windows patches! Microsoft put in an AUTOMATED feature for you to utilize so that you do NOT have to worry yourself about the patching of the Operating System:

Go there and scan your machine for updates. Always get the critical ones as you see them. Write down the KB###### or Q###### you see when selecting the updates and if you have trouble over the next few days, go into your control panel (Add/Remove Programs), ensure that the 'Show Updates' checkbox is checked, match up the latest numbers you downloaded recently (since you started noticing an issue) and uninstall them. If there was more than one (usually is), uninstall them one by one with a few hours of use in between, to see if the problem returns. Yes - the process (updating) is not perfect and can cause trouble like I mentioned - but as you can see, the solution isn't that bad - and is MUCH better than the alternatives.

Windows is not the only product you likely have on your PC. The manufacturers of the other products usually have updates. New versions of almost everything come out all the time - some are free, some are pay and some you can only download if you are registered - but it is best to check. Just go to their web pages and look under their support and download sections. For example, for Microsoft Office you should visit:

You also have hardware on your machine that requires drivers to interface with the operating system. You have a video card that allows you to see on your screen, a sound card that allows you to hear your PC's sound output and so on. Visit those manufacturer web sites for the latest downloadable drivers for your hardware/operating system. Always get the manufacturer's hardware driver over any Microsoft offers. On the Windows Update site I mentioned earlier, I suggest NOT getting their hardware drivers - no matter how tempting.

How do you know what hardware you have in your computer? Break out the invoice or, if it is up and working now, take inventory:

Once you know what you have, what next? Go get the latest driver for your hardware/OS from the manufacturer's web page. For example, let's say you have an NVidia chipset video card or ATI video card, perhaps a Creative Labs sound card or C-Media chipset sound card...

Then install these drivers. Updated drivers are usually more stable and may provide extra benefits/features that you really wished you had before.

As for Service Pack 2 (SP2) for Windows XP, Microsoft has made this particular patch available in a number of ways. First, there is the Windows Update web page above. Then there is a direct download site and finally, you can order the FREE CD from Microsoft.

If all else fails - grab the full download above and try to use that. In this case - consider yourself an 'IT professional or developer'.

Tip (9):
What about the dreaded word in the computer world, VIRUS?

Well, there are many products to choose from that will help you prevent infections from these horrid little applications. Many are FREE to the home user and which you choose is a matter of taste, really. Many people have emotional attachments or performance issues with one or another AntiVirus software. Try some out, read reviews and decide for yourself which you like more:

Most of them have automatic update capabilities. You will have to look into the features of the one you choose. Whatever one you finally settle with - be SURE to keep it updated (I recommend at least daily) and perform a full scan periodically (yes, most protect you actively, but a full scan once a month at 4AM probably won't bother you.)

Tip (10):
The most rampant infestation at the current time concerns SPYWARE/ADWARE. You need to eliminate it from your machine.

There is no one software that cleans and immunizes you against everything. Antivirus software - you only needed one. Firewall - you only needed one. AntiSpyware - you will need several. I have a list and I recommend you use at least the first five.

First - make sure you have NOT installed "Rogue AntiSpyware". There are people out there who created AntiSpyware products that actually install spyware of their own! You need to avoid these:

Sometimes you need to install the application and reboot into SAFE MODE in order to thoroughly clean your computer. Many applications also have (or are) immunization applications. Spybot Search and Destroy and SpywareBlaster are two that currently do the best job at passively protecting your system from malware. None of these programs (in these editions) run in the background unless you TELL them to. The space they take up and how easy they are to use greatly makes up for any inconvenience you may be feeling.

Please notice that Windows XP SP2 does help stop popups as well.

Another option is to use an alternative Web browser. I suggest 'Mozilla Firefox', as it has some great features and is very easy to use:

So your machine is pretty clean and up to date now. If you use the sections above as a guide, it should stay that way as well! There are still a few more things you can do to keep your machine running in top shape.

Tip (11):
You should periodically check your hard drive(s) for errors and defragment them. Only defragment after you have cleaned up your machine of outside parasites and never defragment as a solution to a quirkiness in your system. It may help speed up your system, but it should be clean before you do this. Do these things IN ORDER...

I would personally perform the above steps at least once every three months. For most people this should be sufficient, but if the difference you notice afterwards is greater than you think it should be, lessen the time in between its schedule. If the difference you notice is negligible, you can increase the time.

Tip (12):
SPAM! JUNK MAIL!
This one can get annoying, just like the rest. You get 50 emails in one sitting and 2 of them you wanted. NICE! (Not.) What can you do? Well, although there are services out there to help you, and some email servers/services actually do lower your spam with features built into their servers - I still like the methods that let you be the end-decision maker on what is spam and what is not. I have two products to suggest to you; look at them and see if either of them suits your needs. Again, if they don't, Google is free and available for your perusal.

As I said, those are not your only options, but are reliable ones I have seen function for hundreds+ people.

Tip (13):
ADVANCED TIP! Only do this once you are comfortable under the hood of your computer!

There are lots of services on your PC that are probably turned on by default that you don't use. Why have them on? Check out these web pages to see what all of the services you might find on your computer are and set them according to your personal needs. Be CAREFUL what you set to manual, and take heed and write down as you change things! Also, don't expect a large performance increase or anything - especially on today's 2+ GHz machines; however - I look at each service you set to manual as one less service you have to worry about someone exploiting.

If you follow the advice laid out above (and do some of your own research as well, so you understand what you are doing) - your computer will stay fairly stable and secure and you will have a more trouble-free system.
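The original question asked how to tell legitimate processes from ones a trojan started, how to find the services and start-up entries that launch them, and for "before and after" lists or a list of digitally signed images. The script below is an added example, not code from any post in this thread, that does the mechanical part of that in Windows PowerShell: it enumerates services and the classic Run/RunOnce registry keys, resolves each to an image file on disk, checks the file's Authenticode signature with Get-AuthenticodeSignature, and can save a snapshot so a later run can be diffed with Compare-Object. It assumes Windows PowerShell 2.0 or later (for Get-AuthenticodeSignature and Get-WmiObject); the snapshot file name is an assumed example path. It is read-only: nothing here stops a process, changes a service or deletes a file.

```powershell
# Added example, not from the thread: audit Windows autostart locations
# (services and the Run/RunOnce registry keys), check each image file's
# Authenticode signature, and support a before/after snapshot comparison.
# Assumes Windows PowerShell 2.0+ (Get-AuthenticodeSignature, Get-WmiObject).
# Read-only: nothing here stops a process, changes a service or deletes a file.

Set-StrictMode -Version 2

# Classic logon launch points. Illustrative, not exhaustive (Winlogon,
# shell extensions, BHOs, scheduled tasks etc. are other places to look).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the executable from a command line such as
#   "C:\Program Files\Foo\foo.exe" -tray   or   C:\WINDOWS\system32\svchost.exe -k netsvcs
function Get-ImagePath {
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }        # quoted path
    if ($CommandLine -match '^\s*(.+?\.exe)') { return $Matches[1] }       # unquoted, stop at .exe
    return ($CommandLine -split '\s+')[0]
}

function Get-AutostartEntries {
    # Services, with the command line the Service Control Manager launches
    Get-WmiObject Win32_Service | ForEach-Object {
        New-Object PSObject -Property @{
            Source = 'Service'; Name = $_.Name; State = $_.State; StartMode = $_.StartMode
            Image  = Get-ImagePath $_.PathName
        }
    }
    # Run / RunOnce values (skip the PSPath/PSParentPath/... bookkeeping properties)
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }
            New-Object PSObject -Property @{
                Source = $key; Name = $p.Name; State = 'Autostart'; StartMode = 'Logon'
                Image  = Get-ImagePath ([string]$p.Value)
            }
        }
    }
}

# Resolve the image on disk and attach the Authenticode verdict and signer.
function Add-SignatureInfo {
    param([Parameter(ValueFromPipeline=$true)] $Entry)
    process {
        $image = $Entry.Image; $status = 'NoPath'; $signer = ''
        if ($image) {
            $image = [Environment]::ExpandEnvironmentVariables($image)
            if (-not (Test-Path -LiteralPath $image)) {
                # Bare name such as rundll32.exe: resolve it the way the loader would (via PATH)
                $cmd = Get-Command $image -ErrorAction SilentlyContinue
                if ($cmd) { $image = $cmd.Definition }
            }
            $status = 'FileMissing'
            if (Test-Path -LiteralPath $image) {
                $sig = Get-AuthenticodeSignature -FilePath $image
                $status = [string]$sig.Status      # Valid, NotSigned, HashMismatch, UnknownError, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
        }
        $Entry | Add-Member NoteProperty Path      $image  -PassThru |
                 Add-Member NoteProperty SigStatus $status -PassThru |
                 Add-Member NoteProperty Signer    $signer -PassThru
    }
}

# "Before and after" lists: save a baseline on a known-clean day, diff later.
function Save-Snapshot { param([string]$Path) Get-AutostartEntries | Add-SignatureInfo | Export-Clixml -Path $Path }
function Compare-Snapshot {
    param([string]$BaselinePath)
    $before = Import-Clixml -Path $BaselinePath
    $after  = Get-AutostartEntries | Add-SignatureInfo
    # "=>" marks entries present now but not in the baseline; "<=" marks ones that vanished
    Compare-Object $before $after -Property Source, Name, Path, SigStatus -PassThru |
        Select-Object SideIndicator, Source, Name, Path, SigStatus, Signer
}

# Default run: everything that is not validly signed, grouped by verdict.
Get-AutostartEntries | Add-SignatureInfo |
    Where-Object { $_.SigStatus -ne 'Valid' } |
    Sort-Object SigStatus, Source, Name |
    Format-Table Source, Name, Path, SigStatus, Signer -AutoSize

# Snapshot usage (assumed example path):
#   Save-Snapshot -Path C:\autostart-baseline.xml
#   Compare-Snapshot -BaselinePath C:\autostart-baseline.xml
```

Read the output as a list of things to look at, not a verdict. A valid signature only tells you who signed the file, not that it is benign, and NotSigned is not proof of malware: files that are signed only through a security catalog (common for Windows' own binaries) can report NotSigned on older Windows and PowerShell versions. FileMissing and HashMismatch deserve the most attention, as does any entry whose image lives in a temp or profile directory. A process that cannot be killed, or a file that cannot be deleted even in Safe Mode, is usually kept that way by a kernel driver or by a second process or service that restarts it, so finding and disabling the launch point is the productive step; Sysinternals Autoruns covers many more launch points than the four registry keys listed here.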

<mydejamail@yahoo.co.uk> wrote in message news:1120741387.182346.289270@o13g2000cwo.googlegroups.com...
> Long query about dealing with Pesky trojans and spyware
> =====================================================
>
> I have noticed that some virus or spyware programs stay in memory and
> the removal programs state that the process can't be halted or the file
> can't be deleted. They even stay that way when the removal programs are
> run in safe mode
>
> What kind of processes are these, and why can't they be deleted?
>
> Do some of them run as services, and if so how can they be tracked down
> from the start up programs and services and eliminated?
>
> I know of utilities such as those available from sysinternals.com which
> can list running processes etc. Is there a way of finding out those
> which are legal and those which are run by these trojans, the track
> down the processes in the start up groups which activate them and
> delete them altogether?
>
> At least something like before and after lists, or a list of genuine or
> perhaps digitally signed images would help.
>
> Any ideas or guidance in this area?

Don't use pirated software, visit porn sites and be careful which attachments you open. Better yet don't use the internet.

Beyond that, use software to protect your computer and update regularly. You haven't even mentioned if you use any software to protect your machine - just that you 'know of utilities' - knowing about things doesn't protect you.

To get rid of those you have to identify the name of it; then specific advice for removal may be needed - the only universal cure is a reformat and reinstall.

Actually Firefox is my main browser, and I really find spyware on my computer as I don't download any stuff on my computer, and I run anti-virus and spyware removers regularly.

I get calls to fix spyware problems regularly, and it is annoying not to be able to fix them with the available tools in one go, even in both safe and normal mode.

What I really want is something which can clear these programs if run once in normal mode, once in safe mode and once in DOS mode.

Something that can work from a disk like Barts PE Disk is what I am looking for.

A trojan remover based on something like Windows Scripting Host, that can be easily updated, and run in DOS mode or from Barts PE would be great.

A community-based toolkit that end users could update regularly for dealing with new spyware would be the best.

Is there something like that out there?

mydejamail@yahoo.co.uk wrote:
> Long query about dealing with Pesky trojans and spyware
> =====================================================
>
> I have noticed that some virus or spyware programs stay in memory and
> the removal programs state that the process can't be halted or the file
> can't be deleted. They even stay that way when the removal programs are
> run in safe mode
>
> What kind of processes are these, and why can't they be deleted?
>
> Do some of them run as services, and if so how can they be tracked down
> from the start up programs and services and eliminated?
>
> I know of utilities such as those available from sysinternals.com which
> can list running processes etc. Is there a way of finding out those
> which are legal and those which are run by these trojans, the track
> down the processes in the start up groups which activate them and
> delete them altogether?
>
> At least something like before and after lists, or a list of genuine or
> perhaps digitally signed images would help.
>
> Any ideas or guidance in this area?

mydejamail wrote:
> Actually Firefox is my main browser, and I really find spyware on my
> computer as I don't download any stuff on my computer, and I run
> anti-virus and spyware removers regularly.
>
> I get calls to fix spyware problems regularly, and it is annoying not
> be able to fix them with the available tools in one go, even in both
> safe and normal mode.
>
> Want I really want is something which can clear these programs if run
> once in normal mode, once in safe mode and once is DOS mode.
>
> Something that can work from a disk like Barts PE Disk is what I am
> looking for.
>
> A trojan remover based on something like Windows Scripting Host, that
> can be easily updated, and run in DOS mode or from Barts PE would be
> great.
>
> A community based toolkit that end users could update regularly for
> dealing with new spyware would be the best.
>
> Is there something like that out there.

No. Not one application or even a combination. But many applications (like Spybot) can run from BartPE.

I clean dozens of machines in any given month and rarely do they come back for recleaning and rarely does the cleaning regime fail to cleanse the rogue programs from the system. However, there are cases where it is more economical and just all-in-all simpler/more logical to ghost the machine, format and reinstall from my unattended system, protect it from the beginning and copy the stuff from the ghost image that is needed.

I don't know -- I think most people, when they want to create a letter or an email, just want to create a letter or an email. Same thing when they want to research something on the Internet, order some stuff, etc...

By your reasoning, even toasters shouldn't be simple -- if you want your toast in the morning, you'll need to know something about infrared radiation, electrical current flow, resistance, thermocouples, and such -- not to mention also be handy with a voltmeter, soldering iron, and tools in general.

That might sound ridiculous, but that's basically what computer users are having to put up with now, and that truly is ridiculous at this stage. Give two people a list of the most common computer tasks to do, but give one a 1995 Pentium-75 PC running Win95 with 16 MB memory and an 850 MB hard drive, and give the other a 3 GHz P4 Dell running XP SP2 with a gig of memory and a 160 GB HD. Then see who gets done sooner -- from a standing start.

A 10-year gap in technology should have a teeny bit more of an "improvement" than that, I do believe....

BC wrote:
> I don't know -- I think most people, when
> they want to create a letter or an email,
> just want to create a letter or an email.
> Same thing when they want to research
> something on the Internet, order some stuff,
> etc...

And they can do that - they do not have to have a computer to do that. Many "appliances" have been made - they CHOSE to get a computer.

> By your reasoning, even toasters shouldn't
> be simple -- if you want your toast in the
> morning, you'll need to know something
> about infrared radiation, electrical current
> flow, resistance, thermocouples, and such --
> not to mention also be handy with a
> voltmeter, soldering iron, and tools in
> general.

No - by my reasoning that is not implied. A simple device is just that (simple) - but they CHOSE the more complicated one. They could just as easily have gotten one of the many WebTV devices - but they chose a computer for the extra functions (do their taxes, type up documents, store and edit digital images, edit video, program/code, etc.) It is possible they did not know any better - but they should know better after a few months of use. They have too much machine for the purpose they wanted. You don't go out and buy a jet-fuel burning hot-rod to get you back and forth to work because you know it is too much for what you want to do...

> That might sound ridiculous, but that's
> basically what computer users are having
> to put up with now, and that truly is
> ridiculous at this stage. Give two people a
> list of the most common computer tasks to
> do, but give one a 1995 Pentium-75 PC
> running Win95 with 16 Mb memory and an
> 850 Mb hard drive, and give the other a 3
> Ghz P4 Dell running XP SP2 with a Gig of
> memory and 160 Gb HD. Then see who
> gets done sooner -- from a standing start.

Common tasks according to you are email and creating a letter. The time will depend on how fast they type. heh. If you add in online shopping - the one with Windows 95 is in trouble, because he won't have the plugins or possibly the security level browser needed to complete the transaction.

Billions of users - you are not going to satisfy even a decent percentage with a box that allows you to check email and shop online. TVs and Stereos used to be much simpler. Turn them on, move the knob.. No wiring to hook up, no such thing as Dolby surround sound or Digital TV or HD TV or everything else you have to connect up to your Television set (if it has the right inputs - if not you have to buy another converter box or a new TV..) - but now - hooking up a home entertainment system is more complicated than ever. And how about those poor people who still have the flashing 12:00 on their VCRs? Can't even set a clock because the only way they can is using the remote control - which has a total of 48 buttons for some reason.

Sure - there are versions out there of just about every product that HIDE the complications from its users - but obviously the people having trouble didn't bother to research what they should get.. So they drive their jet-fueled car to work, wondering why their gas prices are even higher than all the people complaining about $2+/gallon prices - but never looking into it.. They then come home and move their entertainment center to their new room - which takes them all weekend to get the sound just right, lighting for the plasma TV hooked into the HD TV converter box just right and they sit back and eat their Microwave pre-packaged popcorn. But at least they have only their "WebTV" to shop and send/receive email - so their life is simplified. *grin* (Too bad it sits next to the TiVo and the dual VCR/DVD writer - which has a blinking 12:00 since they moved it into the new room.)

In other words - people choose the level of tech they want to use. I know people that are still happily chugging along on their Windows 98 systems doing exactly what you say they do.. Let them be.. But if they choose to upgrade - ever - then things may get more complicated. And they will choose to upgrade as soon as their favorite (insert some product here) doesn't work anymore in their little world. (And don't even talk about backwards compatibility - after all, I cannot swap parts from my Model T with my Mustang.)

You're making computers sound far more complicated than they are. To go back to the toaster analogy -- to get a slice of bread properly toasted without danger and a lot of attention actually requires an awful lot of things to work properly. But with a competitive market and a lot of incremental improvements in engineering and manufacturing, toasters are not only cheap, but we take it for granted that they'll work for years until they wear out or get broken.

Not only is there absolutely nothing that XP does that Win95 couldn't do in a vastly smaller software footprint, but it was likewise the same with even the still much smaller Win3.11 -- actually even IE 5.0 was available for Win3.11.

Secure shopping? I know of a public library running Win95 on most of their public access workstations and they're using Firefox as the default browser. Adding that type of security is only a trivially slight upgrade to the browser, and if Microsoft wouldn't have done it at the time, a then strong Netscape would have. Multimedia and video processing was already around during the 3.xx days, and everything else you mentioned was just an app or a plugin card away if it wasn't already around. By the time Windows came around, actually, PCs and DOS apps were already pretty mature and time tested, so much so that for a while the Windows versions of long-established DOS apps were far more problematic.

For the past 10 years, there really hasn't been much, if any, of an improvement in the usability and stability of PCs in general. Large improvements in hardware have been offset by a larger increase in the size and inefficiency of the software. Very little tight code is written anymore, and I've noticed that the foreign subcontracted coding is particularly bloated and sluggish. And much, if not most, of the security problems have been self-inflicted by a certain software giant adding "features" of highly dubious merit and intent.

Again, I think most people, when they want to create a letter or an email, just want to create a letter or an email. Same thing when they want to research something on the Internet, order some stuff, etc...